Closed Bug 1425826 Opened 6 years ago Closed 6 years ago

[Static Analysis] Dereference of null return value in BinASTParser::parseBlockStatementAux

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla59

Tracking Flags:

Tracking

Status

firefox59

---

fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1426305)

Attachments

(1 file)

Bug 1425826 - prevent null pointer dereference in BinASTParser::parseBlockStatementAux. 6 years ago Andi [:andi] 59 bytes, text/x-review-board-request	jorendorff : review+	Details

Andi [:andi]

Assignee

Description

•

6 years ago

A possible null pointer dereference can occur in the following context:

>>    // In case of absent optional fields, inject default values.
>>    if (!body)
>>        body = factory_.newStatementList(tokenizer_->pos());
>>
>>   MOZ_TRY_VAR(body, appendDirectivesToBody(body, directives));


I think we can avoid this by packing | newStatementList | call with TRY_DECL.

Comment hidden (mozreview-request)

Review commit: https://reviewboard.mozilla.org/r/208092/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/208092/

Jason Orendorff [:jorendorff]

Comment 2

•

6 years ago

mozreview-review

Comment on attachment 8937418 [details]
Bug 1425826 - prevent null pointer dereference in BinASTParser::parseBlockStatementAux.

https://reviewboard.mozilla.org/r/208092/#review214458

r=me with the one comment addressed.

::: js/src/frontend/BinSource.cpp:338
(Diff revision 1)
>          }
>      }
>  
>      // In case of absent optional fields, inject default values.
>      if (!body)
> -        body = factory_.newStatementList(tokenizer_->pos());
> +        TRY_DECL(body, factory_.newStatementList(tokenizer_->pos()));

This seems like it would be a syntax error. Does it compile?

I think it needs to be `TRY_VAR` instead of `TRY_DECL`.

Attachment #8937418 - Flags: review?(jorendorff) → review+

Jason Orendorff [:jorendorff]

Updated

•

6 years ago

Priority: -- → P1

Comment hidden (mozreview-request)

Comment on attachment 8937418 [details]
Bug 1425826 - prevent null pointer dereference in BinASTParser::parseBlockStatementAux.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/208092/diff/1-2/

Pulsebot

Comment 4

•

6 years ago

Pushed by bpostelnicu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4d07f50ba637
prevent null pointer dereference in BinASTParser::parseBlockStatementAux. r=jorendorff

Ryan VanderMeulen [:RyanVM]

Comment 5

•

6 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/4d07f50ba637

Status: NEW → RESOLVED

Closed: 6 years ago

status-firefox59: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla59

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[Static Analysis] Dereference of null return value in BinASTParser::parseBlockStatementAux

Categories

(Core :: JavaScript Engine, enhancement, P1)

Tracking

()

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1426305)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Updated

Comment 3

Comment 4

Comment 5

Attachment

General

Description

File Name

Content Type